Security News Bundle
- Get link
- X
- Other Apps
"Predator spyware hacks iOS SpringBoard to hide mic, camera activity."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 22 February 2026, 0036 UTC.
Content and Source provided by email subscription from https://feedly.
https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Security News Bundle
305
Today
Intellexa's Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. [...]
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. "No exploitation of FortiGate
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. [...]
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges. The post appeared first on SecurityWeek .
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the flaws added to the catalog: CVE-2025-49113 (CVSS score of 9.9) RoundCube Webmail Deserializat
Yesterday
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite,
Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. "It scans codebases for security vulnerabilities and suggests targeted
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code
A handful hog the headlines, but many function-specific agents are available to developers and users. MIT's latest study explores the broader agentic ecosystem.
ZDNet | Security / 22h
Lenovo's IdeaCentre Mini x is a compact PC with efficient everyday performance, making it a good alternative to desktops and laptops alike.
Spain's police force has announced that it has arrested a 20-year-old man who they claim managed to book luxury hotel rooms worth up to €1,000 a night for just one euro cent. Read more in my article on the Hot for Security blog.
PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including customers’ business contact details (name, email, phone number, address), along with Social Security numb
About 100 customers affected PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw unauthorized transactions on their accounts.…
Dark Reading / 1d
Researchers say threat actors wielded the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.
ZDNet | Security / 1d
The Google Pixel 10a may not be the upgrade you expected, but it beats the more expensive Pixel 10 in a few ways.
ZDNet | Security / 1d
There's no limit to the cool things you can do with KDE Connect. Here's how to get started.
4K unintended installs in very odd supply chain attack Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers' machines without their knowledge. …
Check Point Software has announced that it has been named a Leader and Fast Mover in the GigaOm Radar for Cloud Network Security 2025 , marking the company’s third consecutive year in the top position. GigaOm recognised Check Point for its prevention-first architecture, unified cloud security platform, and consistent pace of innovation – further strengthened by the company’s Open Garden strategy,
ZDNet | Security / 1d
The CMF Headphone Pro are my new pick for the best headphones under $75. Here's why.
Dark Reading / 1d
Microsoft Copilot recently summarized and leaked user emails; but any AI agent will go above and beyond to complete assigned tasks, even breaking through their carefully designed guardrails.
Both AI Overviews and AI Mode now display handy pop-up links to the original sources, so you can easily check them out to verify the AI-based information.
What happens in Vegas… Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.…
Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. [...]
Dark Reading / 1d
After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities.
IT Security Guru / 1d
Cybersecurity threats continue to escalate in scale, speed and sophistication, placing growing pressure on organisations to move beyond reactive defences and rethink how risk is governed at leadership level. As digital systems underpin everything from national infrastructure to day-to-day business operations, failures in governance, communication and accountability are increasingly being exposed
Sit back and relax while Gemini reads you the summary of a document in Google Docs.
IT Security Guru / 1d
Out of the UK, some of the most exciting and innovative tech and cyber companies are being nurtured and grown to global significance. Backed by government funding, the UK is currently creating its own exceptional pipeline of innovative talent. Behind many of these companies is Plexal , the innovation and growth company that is solving society’s most pressing challenges through collaboration on te
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. [...]
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the
The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. [...]
SecurityWeek / 1d
NIST’s single photon chip will likely make QKD an option for a wider range of companies. The post appeared first on SecurityWeek .
SecurityWeek / 1d
Other noteworthy stories that might have slipped under the radar: Axonius lays off employees, Abu Dhabi conference data leak, HackerOne addresses AI concerns. The post appeared first on SecurityWeek .
ZDNet | Security / 1d
Switching to a different DNS provider than your ISP can offer faster performance and better security. Here how.
BleepingComputer / 1d
The "shift left" approach has increased pressure on developers, as speed demands override security checks in modern CI pipelines. Qualys explains how analyzing 34,000 public container images revealed 7.3% were malicious and why security must be enforced at the infrastructure layer by default. [...]
ZDNet | Security / 1d
Tubi is adding dozens of '60s to '90s cartoons to its free lineup. Here's what you'll find.
ZDNet | Security / 1d
You don't need new clothes, you need this fabric shaver to get more use out of the garments you've stopped wearing.
Polish arrest leads to extradition and federal prison sentence Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment.…
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI
ZDNet | Security / 1d
The Pixel 10a debuts as the best Google offering under $500, but its toughest rival is its predecessor, the Google Pixel 9a.
Attempt to go 'Made in EU' offers big tech escapees a reality check where lower cloud bills come with higher effort Building a startup entirely on European infrastructure sounds like a nice sovereignty flex right up until you actually try it and realize the real price gets paid in time, tinkering, and slowly unlearning a decade of GitHub muscle memory.…
Dark Reading / 1d
The slower pace of upgrades has the unintended impact of creating a haven for attackers, especially for initial access brokers and ransomware gangs.
Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage
It's much easier to manage PDFs now, too.
A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms. Oleksandr “Alexander” Didenko , a 29-year-old Ukrainian national, has been sentenced to five years in a U.S. prison for supporting North Korea’s fraudulent IT worker scheme. Didenko admitted stealing U.S. identities and selling them to North Korean IT worke
IT Security Guru / 1d
Keeper Security has expanded its Privileged Access Management (PAM) platform, KeeperPAM, with native support for Google Cloud Platform (GCP), enabling organisations to unify privileged access controls across Google Cloud, AWS and Microsoft Azure environments. The move addresses a growing security concern for enterprises operating in increasingly complex, multi-cloud infrastructures: unmanaged and
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. [...]
Dark Reading / 1d
As scaled-down circuits with limited functions redefine computing for AI systems and autonomous vehicles, their flexibility demands new approaches to safeguard critical infrastructure.
CISA has updated its KEV entry for CVE-2026-1731 to alert organizations of exploitation in ransomware attacks. The post appeared first on SecurityWeek .
Hardcoded credential flaw in RecoverPoint already abused in espionage campaign Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024.…
The University of Mississippi Medical Center (UMMC) closed all its clinic locations statewide on Thursday following a ransomware attack. [...]
The Hacker News / 1d
With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are
A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr "Alexander" Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land
ZDNet | Security / 1d
Get a Google Pixel 10 Pro for free when you sign up for a new line on a Verizon Unlimited plan. Here's how.
The FBI has confirmed that the Ploutus malware, which has been around for over a decade, is still being used in the wild. The post appeared first on SecurityWeek .
Feds say trio conspired to siphon processor and cryptography IP, allegedly routing some data overseas Two former Google engineers and a third alleged accomplice are facing federal charges after prosecutors accused them of swiping sensitive chip and security technology secrets and then trying to cover their tracks when the scheme began to unravel.…
Appeals judge overrules lower tribunal in latest battle of ICO against a breached retail giant The UK's data protection watchdog has scored a small win in a lengthy legal battle against a British retail group that lost millions of data records during a 2017 breach.…
The FBI warns ATM jackpotting is rising nationwide, with over $20 million lost in 2025 and 1,900 incidents reported since 2020. The FBI has warned of a sharp rise in ATM jackpotting attacks across the U.S., with losses exceeding $20 million in 2025 alone. Since 2020, about 1,900 incidents have been reported, including 700 last year. According to the Department of Justice (DoJ), total losses tied
The FBI warned that Americans lost more than $20 million last year amid a massive surge in ATM "jackpotting" attacks, in which criminals use malware to force cash machines to dispense money.
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.